Re: Debian mirrors and MITM
On Jul 3, 2014, at 11:55 AM, Reid Sutherland wrote:
> On Jul 3, 2014, at 11:09 AM, Hans-Christoph Steiner <firstname.lastname@example.org> wrote:
>> On Jun 2, 2014, at 9:29 AM, Jann Horn wrote:
>>> On Fri, May 30, 2014 at 10:06:06AM -0400, micah anderson wrote:
>>>> Now I don't want to call into question the esteemed authors of said
>>>> program, and depending libraries, but I do think that providing https
>>>> mirrors gives us two distinct advantages over plain http:
>>>> . in the case that there is a bug in apt, or gpg, or something
>>>> else, having https would provide at minimum a minor set of
>>>> defense against bulk, non-targeted quantum insert and foxacid
>>>> attacks, not to mention MiTM compromises from a hostile local
>>> Heh. Because SSL/TLS libraries are so impenetrable and secure? :D
>> Even GnuPG has had exploitable bugs. Adding layers of different security techniques can help make the apt distribution system less fragile when such bugs inevitably arise.
> Adding another layer of code does not always improve security. Using the argument of bugs, what happens when your vulnerable SSL clients connects to a malicious mirror?
> You suggest that GnuPG could have security flaws, but you promote software line that has already demonstrated numerous security problems.
> On a side, SSL is already available in apt, anyone is free to implement SSL on their mirror server and use it in their apt client. If you need to secure the initial installation download use the verification information found here <https://www.debian.org/CD/verify>.
The point is to figure out a better way that is included by default.